Operation Modes

In This Section:

Basic Mode

Advanced Mode

RMA Mode

Central Deployment Tool (CDT) can run in these operation modes:

| Mode | Description |
|---|---|
| Basic | Installs a package, and/or runs Pre-Installation and Post-Installation scripts on the specified Security Gateways. |
| Advanced | Runs a Deployment Plan - a list of predefined actions (such as a major upgrade, a Hotfix installation, running a post-installation script, and so on) on the specified Security Gateways. |
| RMA | Automates the RMA backup and restore process. |

Basic Mode

Introduction:

CDT Basic Mode lets you:

Workflow:

  1. Connect to the command line on the Management Server you use for package distribution.
  2. Log in to Expert mode.
  3. Make sure there is no active GUI client that locks the management database, such as SmartDashboard or SmartConsole.
  4. Install the CDT RPM package (if it is not already installed on your system) from sk111158.
  5. Edit the CentralDeploymentTool.xml file to change the settings (see Elements of the CDT Primary Configuration File):
    • Add the PackageToInstall element: You must specify the absolute path (with the file name) to the CPUSE Offline package you wish to deploy. For cluster upgrades, you can add an optional attribute in order to prevent Connectivity Upgrade.
    • Configure the CPUSE element to specify the absolute path to the CPUSE RPM package.
    • Optional: Add the PreInstallationScript and PostInstallationScript elements to run the Pre-Installation and Post-Installation user scripts (see Elements of the CDT Primary Configuration File).
  6. Generate the Installation Candidates List (see below) to get a full list of the Security Gateways and Cluster Members connected to your Management Server.

    Note - You can edit the Candidates List file (see Introduction to the Candidates List) to make sure the specified Security Gateways are not included.

  7. Optional: Run preparations or extended preparations before the installation itself, to save deployment time during maintenance windows. The CDT runs all the defined Pre-Installation scripts.
  8. Install the selected package and run all Pre-Installation and Post-Installation scripts.

    Note - If you use the preparations or extended preparations method, the CDT does not run the Pre-Installation scripts again.
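
Step 5 requires absolute paths to the CPUSE Offline package and the CPUSE RPM package, and the CDT then copies those files to every marked Security Gateway. The following added example (not part of the CDT or of this guide) checks each file before you run -preparations or -install; the function names and the use of a SHA-256 digest that you recorded at download time are assumptions of the example.

```shell
#!/bin/bash
# Added example: pre-flight check for the files that CentralDeploymentTool.xml
# points at. Paths and digests come from the operator, not from the XML.

# check_package <absolute path> <expected SHA-256>
# Returns 0 if the file is fit to distribute; otherwise prints the reason and
# returns 2 (path not absolute), 3 (not a regular file),
# 4 (writable by group or others) or 5 (digest mismatch).
check_package() {
    local path=$1 expected=$2 mode actual
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    # Reject symlinks and missing files: the link target could be swapped.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path" >&2; return 3
    fi
    # Octal permission bits; 022 masks group-write and other-write.
    mode=$(stat -c '%a' "$path")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "writable by group or others (mode $mode): $path" >&2; return 4
    fi
    actual=$(sha256sum "$path" | awk '{print $1}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch: $path" >&2; return 5
    fi
    return 0
}

# preflight <path> <digest> [<path> <digest> ...]
# Checks every pair so that all problems are reported in one pass.
# Returns the number of files that failed (0 means safe to continue).
preflight() {
    local bad=0
    while [ $# -ge 2 ]; do
        check_package "$1" "$2" || bad=$((bad + 1))
        shift 2
    done
    return "$bad"
}
```

Call preflight with the same two paths you entered in the PackageToInstall and CPUSE elements, and start the CDT only if it returns 0.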

To generate an Installation Candidates List:

Security Management Server:

# ./CentralDeploymentTool -generate <Name of Candidates List file>.csv

Multi-Domain Security Management Server:

# mdsenv <IP Address or Name of Domain Management Server>
# ./CentralDeploymentTool -generate <Name of Candidates List file>.csv <IP Address or Name of Domain Management Server>

Preparations (Pre-Installations):

If you have a tight maintenance window, use the preparations mode to save deployment time and prepare in advance. In this scenario, the CDT does these actions:

  1. Sends the installation package to the Security Gateways (to the /var/log/upload/ directory).
  2. Sends the CPUSE Agent package to the Security Gateways (to the /var/log/upload/ directory).
  3. Runs the user Pre-Installation scripts.
  4. Does not update the CPUSE Agent package.
  5. Does not start the actual package installation.

To use simple preparations on all marked candidates in the Candidates List, run:

Security Management Server:

# ./CentralDeploymentTool -preparations <Name of Candidates List file>.csv

Multi-Domain Security Management Server:

# mdsenv <IP Address or Name of Domain Management Server>
# ./CentralDeploymentTool -preparations <Name of Candidates List file>.csv <IP Address or Name of Domain Management Server>

Extended Preparations (Extended Pre-Installations):

You can extend the preparations flow. In this scenario, the CDT does these actions:

  1. Sends the installation package to the Security Gateways (to the /var/log/upload/ directory).
  2. Sends the CPUSE Agent package to the Security Gateways (to the /var/log/upload/ directory).
  3. Runs the user Pre-Installation scripts on the Security Gateways.
  4. Updates the CPUSE Agent on the Security Gateways.

    Note - Update of the CPUSE Agent might cause short connectivity loss in some rare cases.

  5. Imports and verifies the installation package with CPUSE.
  6. Does not start the actual package installation.

To use extended preparations on all marked candidates, run:

Security Management Server:

# ./CentralDeploymentTool -extended_preparations <Name of Candidates List file>.csv

Multi-Domain Security Management Server:

# mdsenv <IP Address or Name of Domain Management Server>
# ./CentralDeploymentTool -extended_preparations <Name of Candidates List file>.csv <IP Address or Name of Domain Management Server>

Installation:

  1. To run a full installation on all marked candidates, run:

    Security Management Server:

    # ./CentralDeploymentTool -install <Name of Candidates List file>.csv

    Multi-Domain Security Management Server:

    # mdsenv <IP Address or Name of Domain Management Server>
    # ./CentralDeploymentTool -install <Name of Candidates List file>.csv <IP Address or Name of Domain Management Server>

  2. Installation starts.

    The CDT shows the installation progress on the screen.

    The CDT writes the progress details at 5-second intervals to these files in the directory of the CentralDeploymentTool binary file:

    | File | Description |
    |---|---|
    | CDT_status.txt | Full description of the last completed stage and current stage of all Security Gateways and Cluster Members statuses. |
    | CDT_status_brief.txt | Brief description (current stage only) of all Security Gateways and Cluster Members statuses currently in execution. Useful if your screen area is limited. |

    We recommend that you run the watch command to read the file continuously.

    Example:
    # watch -d cat CDT_status.txt

  3. All failures in the installation cause an error.
    • If this error is blocking, the Security Gateway or Cluster upgrade does not continue. The CDT sends an error report to the configured email address.

      Note - The error is blocking if the package fails to install, or if you defined an installation script as blocking with the parameter "IsBlocking" (see Elements of the CDT Primary Configuration File).

    • If this error is not blocking, the installation continues, and the CDT logs and status file show a successful installation.

Retry:

If the installation failed on some of the Security Gateways, but continues on the remaining Security Gateways:

  1. Manually resolve the issue on the failed Security Gateways.
  2. Run one more instance of the CDT in Retry Mode for the failed Security Gateways.

The CDT tries to continue execution on the failed Security Gateways and Cluster Members, starting from the last failed stage. Retry is possible only while the CDT is running. To perform a retry:

  1. Open a new SSH connection to the Management Server.
  2. Log in to Expert mode.
  3. Run:

    Security Management Server:

    # ./CentralDeploymentTool -retry

    Multi-Domain Security Management Server:

    # mdsenv <IP Address or Name of Domain Management Server>
    # ./CentralDeploymentTool -retry <IP Address or Name of Domain Management Server>

  4. The CDT detects that a different instance of the CDT is running and notifies that instance to retry the same operation on all the failed Security Gateways.